Tuesday, October 14, 2008

Antivirus will soon become Obsolete

Antivirus software on your PC could soon be a thing of the past: US engineers have developed a new approach to malicious software detection using ‘cloud computing’, where applications are provided through the Internet.

Traditional antivirus software is becoming increasingly ineffective due to severe vulnerabilities in its engines. The boffins observed malware – malicious software – detection rates as low as 35 per cent against the most recent threats.

The new approach, called CloudAV, moves antivirus functionality into the “network cloud” and off PCs. CloudAV analyses suspicious files using multiple antivirus and behavioural detection programmes simultaneously.

“Our CloudAV virtualises and parallelises detection using multiple antivirus engines, significantly increasing overall protection,” said Farnam Jahanian, professor of computer science at the University of Michigan.

CloudAV is a production-quality in-cloud antivirus system, which includes a lightweight, cross-platform host agent (Win32, Linux, FreeBSD, Sendmail/Postfix milter, Nokia Maemo) and a network service with ten antivirus engines (Avast, AVG, BitDefender, ClamAV, F-Prot, F-Secure, Kaspersky, McAfee, Symantec, and Trend Micro) and two behavioral detection engines (Norman Sandbox, CWSandbox).

This whole idea is pretty similar to using ThreatFire along with any other antivirus software: ThreatFire keeps the system safe by doing behavioral analysis of programs, protecting you against zero-day threats, whereas the other antivirus provides the database of already known viruses.

To develop this novel approach, the researchers evaluated 12 traditional antivirus programs – Avast, AVG, BitDefender, ClamAV, CWSandbox, F-Prot, F-Secure, Kaspersky, McAfee, Norman Sandbox, Symantec and Trend Micro – against 7,220 malware samples, including viruses.

Traditional antivirus checks documents and programmes as they are accessed. Because of technological constraints, only one anti-virus detector is typically used at a time.

CloudAV, however, uses 12 different detectors together to determine the safety of any new document or programme received. It is accessible via any computer or mobile device that runs a simple software agent.

The new approach also caches analysis results, speeding up the process compared with traditional antivirus software. This could be useful for workplaces, for example, where multiple employees might access the same document.
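
The multi-detector check and the result cache described above can be sketched as follows. This is an added example, not CloudAV's code: the three "engines" are constructed signature lists standing in for real products, and keying the cache by SHA-256, the `threshold` parameter and the agent's allow/block decision are assumptions made for illustration.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

# Constructed stand-ins for real engines: each one knows a different set of
# byte signatures, so no single engine detects every sample.
ENGINES = {
    "engine_a": [b"EVIL-ONE"],
    "engine_b": [b"EVIL-TWO"],
    "engine_c": [b"EVIL-ONE", b"EVIL-THREE"],
}

def scan_with(engine, data):
    """Return True if any of this engine's signatures occurs in the file."""
    return any(sig in data for sig in ENGINES[engine])

class CloudScanner:
    """Network-service side: fan a file out to every engine, cache by hash."""
    def __init__(self, threshold=1):
        self.threshold = threshold   # assumed policy: engines that must flag
        self.cache = {}              # sha256 hex digest -> stored verdict
        self.engine_runs = 0         # number of full multi-engine analyses

    def analyse(self, data):
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.cache:     # same content seen before: skip rescan
            return dict(self.cache[digest], cached=True)
        with ThreadPoolExecutor(max_workers=len(ENGINES)) as pool:
            hits = dict(zip(ENGINES, pool.map(lambda e: scan_with(e, data), ENGINES)))
        self.engine_runs += 1
        flagged = sorted(name for name, hit in hits.items() if hit)
        verdict = {"sha256": digest, "flagged_by": flagged,
                   "malicious": len(flagged) >= self.threshold}
        self.cache[digest] = verdict
        return dict(verdict, cached=False)

def host_agent_open(scanner, data):
    """Host-agent side (hypothetical): allow access only to clean files."""
    return "blocked" if scanner.analyse(data)["malicious"] else "allowed"

if __name__ == "__main__":
    svc = CloudScanner()
    # Constructed samples; the third repeats the second and hits the cache.
    for sample in (b"quarterly report", b"xx EVIL-TWO xx", b"xx EVIL-TWO xx"):
        print(host_agent_open(svc, sample), svc.engine_runs)
```

A sample that only one engine recognises is still caught by the combined service, and a second user opening the same file gets the stored verdict without another scan.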

CloudAV could also be used in cell phones and other devices that aren't robust enough to carry powerful antivirus software, the scientists said.
